To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39145061,00.htm

Microsoft issues security advisory for IE
Flaw not yet patched...

By Dawn Kawamoto

Published: Monday 04 July 2005

Microsoft has issued a security advisory for Internet Explorer, after a research firm published a working exploit to demonstrate how attackers could take advantage of the flaw.

The vulnerability, discovered by SEC Consult, mean that attackers could cause the browser to unexpectedly exit and execute arbitrary code. Versions of IE affected by the flaw include IE 6.0 on Windows 2000 with Service Pack 1, 3 and 4, and on Windows XP with Service Pack 1 and 2.

Microsoft said in its advisory: "Microsoft is investigating a new public report of a vulnerability affecting Internet Explorer. We have not been made aware of any attacks attempting to use the reported vulnerability or customer impact at this time. But we are aggressively investigating the public report."

A patch for the flaw is not available. As an interim measure, the software giant advises people to set their internet and local intranet security zone settings to "high" before running ActiveX controls.

The alert is part of a recently launched Microsoft programme to confirm reports of security problems and provide a workaround until a fix is delivered.

The discovery of this latest IE flaw comes two weeks after Microsoft released several "critical" security patches, including one for IE. Those patches addressed vulnerabilities that allowed for remote execution of code.

Dawn Kawamoto writes for CNET News.com